slyoldfox · January 16, 2019 19:29
diff --git a/Apr with Tomcat embedded b/Apr with Tomcat embedded
 package com.atlassian.bitbucket.internal.boot.web;

 import org.apache.catalina.LifecycleListener;
 import org.apache.catalina.core.AprLifecycleListener;
 import org.apache.coyote.http11.Http11AprProtocol;
 import org.springframework.boot.context.embedded.EmbeddedServletContainerCustomizer;
 import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;

 @Configuration
 public class MyTest {
    @Bean
    public EmbeddedServletContainerCustomizer servletContainerCustomizer() {
        return (factory) -> {
            TomcatEmbeddedServletContainerFactory t =  ((TomcatEmbeddedServletContainerFactory) factory);            LifecycleListener arpLifecycle = new AprLifecycleListener();
            t.setProtocol("org.apache.coyote.http11.Http11AprProtocol");
            t.addContextLifecycleListeners(arpLifecycle);
            t.addConnectorCustomizers((connector) -> {
                        connector.setScheme("https");
                        connector.setSecure(true);
                        Http11AprProtocol apr = (Http11AprProtocol) connector.getProtocolHandler();
                        apr.setSSLEnabled(true);
                        apr.setSslEnabledProtocols("TLSv1.2");
                        apr.setSSLDisableCompression(true);
                        apr.setSSLCertificateFile("/var/bitbucket-home/mycertificate.crt");
                        apr.setSSLCertificateKeyFile("/var/bitbucket-home/mycertificate.key");
                        apr.setSSLCertificateChainFile("/var/bitbucket-home/an-intermediate-certificate.crt");
                        //apr.setSSLHonorCipherOrder("true");
                        apr.setSSLProtocol("TLSv1.2");
                        apr.setSSLCipherSuite("ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES25
 6-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES
 128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES
 256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DH
 E-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK");
                    });
        };
    }
 }
	package com.atlassian.bitbucket.internal.boot.web;

	import org.apache.catalina.LifecycleListener;
	import org.apache.catalina.core.AprLifecycleListener;
	import org.apache.coyote.http11.Http11AprProtocol;
	import org.springframework.boot.context.embedded.EmbeddedServletContainerCustomizer;
	import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
	import org.springframework.context.annotation.Bean;
	import org.springframework.context.annotation.Configuration;

	@Configuration
	public class MyTest {
	@Bean
	public EmbeddedServletContainerCustomizer servletContainerCustomizer() {
	return (factory) -> {
	TomcatEmbeddedServletContainerFactory t = ((TomcatEmbeddedServletContainerFactory) factory); LifecycleListener arpLifecycle = new AprLifecycleListener();
	t.setProtocol("org.apache.coyote.http11.Http11AprProtocol");
	t.addContextLifecycleListeners(arpLifecycle);
	t.addConnectorCustomizers((connector) -> {
	connector.setScheme("https");
	connector.setSecure(true);
	Http11AprProtocol apr = (Http11AprProtocol) connector.getProtocolHandler();
	apr.setSSLEnabled(true);
	apr.setSslEnabledProtocols("TLSv1.2");
	apr.setSSLDisableCompression(true);
	apr.setSSLCertificateFile("/var/bitbucket-home/mycertificate.crt");
	apr.setSSLCertificateKeyFile("/var/bitbucket-home/mycertificate.key");
	apr.setSSLCertificateChainFile("/var/bitbucket-home/an-intermediate-certificate.crt");
	//apr.setSSLHonorCipherOrder("true");
	apr.setSSLProtocol("TLSv1.2");
	apr.setSSLCipherSuite("ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES25
	6-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES
	128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES
	256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DH
	E-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK");
	});
	};
	}
	}